Information Security

Information Security

People are the most important element needed to achieve overall security at PSOM. Remember, security will not work without you. YOU are the key to security at PSOM. Please visit the User Responsibilities page for more information.

Risk Assessments

It is important to keep an accurate inventory of applications, databases, and processes that use sensitive information. Identified systems should be assessed to determine security related vulnerabilities and identify safeguards that will need to be implemented to reduce risk to an acceptable level. The Security and Privacy Impact Assessment (SPIA) process will help to ensure that information is protected and used only for its intended purpose. Information Security will work with you to complete these assessments. Contact Dave Wargo, david.wargo@uphs.upenn.edu for more information.

Vulnerability Management

Critical systems, i.e. a server that stores sensitive information, should be scanned for vulnerabilities on a regular basis. Please register systems containing sensitive information in the critical host database. Registered systems will be scanned regularly by ISC Security.

Incident Response

If you become aware of a breach of confidential data at PSOM, or of a security related issue involving PSOM computers or networking resources, contact the PSOM Information Security Office using one of the following methods: